Back

Data and Security —
Training activity: 4

Training activity information

Details

Create a safety case report for a new system or system under development, applying the principles of “data protection by design”

Type

Developmental training activity (DTA)

Evidence requirements

Evidence the activity has been undertaken by the trainee​.

Reflection on the activity at one or more time points after the event including learning from the activity and/or areas of the trainees practice for development.

An action plan to implement learning and/or to address skills or knowledge gaps identified.

Considerations

  • Methods to protect and back up data
  • Business continuity issues
  • Hardware and software systems
  • Local, national, international guidelines and legislation
  • Proactive consideration of cyber security
  • External security accreditation
  • Medical device management and maintaining clinical and patient safety
  • Lifecycle management for data protection and cyber security measures

Reflective practice guidance

The guidance below is provided to support reflection at different time points, providing you with questions to aid you to reflect for this training activity. They are provided for guidance and should not be considered as a mandatory checklist. Trainees should not be expected to provide answers to each of the guidance questions listed.

Before action

  • What do you need to know before starting to create the report? This includes understanding the system under development, the principles of ‘data protection by design’, and the required structure and content of a safety case report.
  • What do you anticipate you will learn from this experience? Consider how to translate data protection principles into practical design considerations and how to document these within a safety case framework. Reflect on your current understanding of system development lifecycles and data protection.
  • What actions will you take in preparation for this experience? Will you research the principles of ‘data protection by design’? Will you review examples of safety case reports? Will you discuss the system under development with the project team or your training officer? Consider potential challenges in applying these principles or structuring the report and how you might address them. Identify how you feel about embarking on this training activity.

In action

  • When structuring the safety case report and incorporating “data protection by design”, what key elements are you focusing on? Why are you presenting the information in this particular format?
  • What decisions are you making about how to articulate the safety considerations and the data protection measures being built in?
  • Where does your understanding of safety case principles and ‘data protection by design’ feel strong, and where are you having to actively think through the implications?
  • How well do you think your report is capturing the essential safety and data protection aspects? What challenges are you facing in integrating these concepts effectively?
  • What are you learning about the process of designing safety and privacy into a new system? How does this connect with broader system development methodologies?
  • If you are unsure about how to best articulate a particular safety concern or data protection feature, could reviewing examples of safety case reports or discussing this with a colleague help? Are the data protection measures you are proposing aligned with relevant regulations and best practices?

On action

  • Summarise the new or developing system you focused on, the structure and content of the safety case report you created, and how you applied the principles of ‘data protection by design’.
  • What did you learn about the process of creating a safety case report from the ground up? How did you apply the principles of ‘data protection by design’ in a practical context? Were there any challenges in translating the principles of ‘data protection by design’ into concrete elements of the safety case report?
  • What aspects of safety case report creation do you need to refine? How will you ensure that ‘data protection by design’ is effectively integrated into future system development projects? What are your next steps in further understanding and applying the principles of ‘data protection by design’? Do you require any further examples or templates for safety case reports?

Beyond action

  • Have you revisited the safety case report you created? How does your understanding of ‘data protection by design’ now compare? Have you seen other safety case reports and compared approaches?
  • How has the process of creating this report influenced your approach to planning and developing new systems, ensuring data protection is considered from the outset? Have the documentation skills been useful elsewhere?
  • What transferable skills, such as planning and documentation, did you develop? What further learning in ‘data protection by design’ or safety case report writing would be beneficial?

Relevant learning outcomes

# Outcome
# 1 Outcome

Review and prepare appropriate documentation for clinical information systems.
# 2 Outcome

Review and identify data protection and cyber security risks for clinical information systems and develop and implement appropriate mitigation strategies.
# 3 Outcome

Apply the principles of “data protection by design” to new and existing clinical information systems.
Top